build(deps): bump the chainguard group across 1 directory with 4 updates

[dependabot]

Bumps the chainguard group with 4 updates in the / directory: chainguard.dev/apko, chainguard.dev/melange, github.com/chainguard-dev/yam and github.com/chainguard-dev/advisory-schema.

Updates chainguard.dev/apko from 0.30.7 to 0.30.9

Release notes

Sourced from chainguard.dev/apko's releases.

Release v0.30.9

Changelog

• 707cb1a294583a005714a6d8e0f04a61385e5dec Update release.md to use release workflow (#1842)

v0.30.8

What's Changed

• build(deps): bump github.com/u-root/u-root from 0.14.0 to 0.15.0 by @​dependabot[bot] in chainguard-dev/apko#1828
• build(deps): bump k8s.io/apimachinery from 0.33.4 to 0.34.0 by @​dependabot[bot] in chainguard-dev/apko#1833
• Reduce the log noise from auto-auth failures. by @​mattmoor in chainguard-dev/apko#1835

Full Changelog: chainguard-dev/apko@v0.30.7...v0.30.8

Commits

• 707cb1a Update release.md to use release workflow (#1842)
• 19f351b Reduce the log noise from auto-auth failures. (#1835)
• e22d6ca build(deps): bump k8s.io/apimachinery from 0.33.4 to 0.34.0 (#1833)
• be8d009 build(deps): bump github.com/u-root/u-root from 0.14.0 to 0.15.0 (#1828)
• See full diff in compare view

Updates chainguard.dev/melange from 0.31.1 to 0.31.3

Release notes

Sourced from chainguard.dev/melange's releases.

Release v0.31.3

What's Changed

• Qemu runner: support builds as non-root user in guest by @​stevebeattie in chainguard-dev/melange#2138
• sca: fix SCA for go-fips-1.25 by @​xnox in chainguard-dev/melange#2153

Full Changelog: chainguard-dev/melange@v0.31.2...v0.31.3

Release v0.31.2

What's Changed

• pipelines/go/build: Add ignore-untracked-files to prevent some +dirty… by @​justinvreeland in chainguard-dev/melange#2146
• Propagate environment between uses and pipelines by @​justinvreeland in chainguard-dev/melange#2139
• chore: bump apko to v0.30.8 by @​vishal-chdhry in chainguard-dev/melange#2148
• qemu runner: report kernel version by @​stevebeattie in chainguard-dev/melange#2132
• qemu runner: strip newline from kernel version by @​stevebeattie in chainguard-dev/melange#2149

New Contributors

• @​vishal-chdhry made their first contribution in chainguard-dev/melange#2148

Full Changelog: chainguard-dev/melange@v0.31.1...v0.31.2

Commits

• d10daea sca: fix SCA for go-fips-1.25 (#2153)
• 54a57bc docs/BUILD-FILE.md: improve formatting
• dfced18 docs/BUILD-FILE.md: expand information about enviroments
• 6210d9f docs/BUILD-FILE.md: add information about defining accounts
• 3aa1c87 e2e-tests: add check for default user in builds/tests
• beff8e1 qemu runner: add control connection on ssh build port
• 9df1b3e qemu runner: rename SSH connection info
• a3612ee bubblewrap: when running as custom UID, use corrsponding GID
• 4e6b4f3 tests: add checks for run-as root and non-root users
• 6cfa6ec qemu runner: strip newline from kernel version (#2149)
• Additional commits viewable in compare view

Updates github.com/chainguard-dev/yam from 0.2.31 to 0.2.32

Commits

• 36ce9a9 build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#146)
• cbc36bd build(deps): bump chainguard-dev/actions from 1.4.12 to 1.4.13 (#143)
• 80a7537 build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#145)
• f4e0fe7 build(deps): bump octo-sts/action from 1.0.0 to 1.0.1 (#144)
• See full diff in compare view

Updates github.com/chainguard-dev/advisory-schema from 0.37.19 to 0.37.20

Commits

• 14ffee6 build(deps): bump octo-sts/action from 1.0.0 to 1.0.1 (#73)
• 1c14ca2 build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (#72)
• b57067f build(deps): bump chainguard-dev/actions from 1.4.12 to 1.4.14 (#71)
• ba943c0 build(deps): bump the all group with 3 updates (#74)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.